In re Appl. of Arditi et al. 

Application No. 10/659,796 

Response to Office Action of December 7, 2006 

AMENDMENTS TO THE CLAIMS:
Listing of Claims: 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

1. (Currently Amended) A method for applying an electronic signature from a client station,
comprising the steps of: /A/ authenticating the client station at a server, thereby establishing
an authenticated communication channel between the client station and said server; /B/
generating a private key/public key pair at the client station; /C/ sending from the client
station to the server, via the authenticated channel, a request for a signature certificate,
generated by means of at least the public key, said request providing to the server information
pertaining to at least the public key and excluding the private key; /D/ sending from the
server to the client station, via the authenticated channel, a signature certificate provided in
response to said request; /E/ calculating a cryptographic signature at the client station by
means of the private key, then destroying the private key at the client station; and /F/
formatting the calculated signature with the aid of the signature certificate received by the
client station via the authenticated channel.

2. (Original) Method according to claim 1, wherein steps /C/ and /E/ are executed in
parallel at the client station.

3. (Original) Method according to claim 1, wherein steps /B/, /C/, /E/ and /F/ are at least
partially executed at the client station under the control of a program downloaded from the
server in response to step /A/.

4. (Original) Method according to claim 1, wherein step /A/ comprises mutually
authenticating the server and the client station.

5. (Original) Method according to claim 1, comprising the further step of verifying, at the 
client station, the signature certificate received via the authenticated channel. 

6. (Original) Method according to claim 1, wherein the signature certificate obtained by the 
server has a validity period of at most one day. 

7. (Original) Method according to claim 1, comprising the preliminary step of registering 
the client station with respect to a certification authority with which the server cooperates, or 
with respect to a registration authority associated with said certification authority. 

8. (Currently Amended) A computer program product on a recordable medium, comprising
instructions to be executed in for controlling a client station having authentication resources
with respect to an electronic signature assistance server, said instructions including:
instructions for generating a private key/public key pair after the establishment of an
authenticated channel between the client station and said server; instructions for transmitting
to the server, via the authenticated channel, a request for a signature certificate generated by
means of at least the public key, said request providing to the server information pertaining to
at least the public key and excluding the private key; instructions for receiving from the
server, via the authenticated channel, a signature certificate obtained in response to said
request; instructions for calculating a cryptographic signature by means of the private key,
and then for destroying the private key; and instructions for formatting the calculated
signature with the aid of the signature certificate received via the authenticated channel.

9. (Original) Computer program product according to claim 8, wherein the instructions for 
transmitting the signature certificate request and the instructions for calculating the electronic 
signature and then for destroying the private key are executable in parallel. 

10. (Original) Computer program product according to claim 8, wherein at least some of said 
instructions form part of a program written in a mobile code language and downloadable 
from said server (2) after establishment of the authenticated channel. 

11. (Original) Computer program product according to claim 8, wherein said instructions 
further include instructions for verifying the signature certificate received via the 
authenticated channel. 

12. (Currently Amended) An electronic Electronic signature assistance server, comprising
means of authenticating a client station to establish an authenticated communication channel
with said client station, means for obtaining a signature certificate in response to a request
received from the client station via the authenticated channel and for transmitting said
certificate to the client station via the authenticated channel, and means for downloading to
the client station a program written in a mobile code language, including instructions for
controlling, at least partially, the execution of the following operations by the client station:
generation of a private key/public key pair at the client station after the establishment of the
authenticated channel; transmission to the server, via the authenticated channel, of a request 
for a signature certificate generated by means of at least the public key, said request 
providing to the server information pertaining to at least the public key and excluding the 
private key; reception, via the authenticated channel, of the signature certificate transmitted
by the server in response to said request; calculation of a cryptographic signature at the client 
station by means of the private key, followed by destruction of the private key; and 
formatting of the calculated signature with the aid of the signature certificate received via the 
authenticated channel. 

13. (Currently Amended) An assistance Assistance server according to claim 12, wherein 
the signature certificate has a validity period of at most one day. 

14. (Currently Amended) An assistance Assistance server according to claim 12, wherein 
said operations further comprise a verification of the signature certificate received via the 
authenticated channel. 